On Monday, Microsoft said that it had won a court order allowing the firm to take control of fifty websites that a North Korea-based hacking group was using to steal sensitive information through cyberattacks. In a recent blog post, Microsoft said that the group, named Thallium and believed to be operating from North Korea, used a technique known as spear phishing to trick its victims.
By gathering information about people from social media and public sources, the hackers crafted tailored emails that looked credible. According to Microsoft, those emails led individuals to fake websites where their account login credentials were compromised, which allowed the attackers to read emails, access calendar appointments and look at contact lists.
Major Targets of Thallium to Steal Sensitive Data
Thallium also compromises systems and steals sensitive information using malicious software. The targets of the group included think tanks, university staff, government employees and people working on nuclear proliferation matters. Most of them are based in South Korea, Japan and the United States. Furthermore, Microsoft says that Thallium was the fourth nation-state hacking group against which it filed a lawsuit, on December 18, to take down the infrastructure the group uses to carry out cyberattacks.
It is unclear how many individuals were attacked by Thallium, but the complaint claims the group has been active since late 2010 and that it poses a risk today as well as into the future. Microsoft asked the hosting companies that host website domains linked with Thallium to hand over control of the websites. Moreover, it wants compensation for losses in an amount to be proven at trial. Microsoft didn’t respond immediately to a request for comment.
The hacking group also used deceptive websites to mislead users into believing that they were on authentic Microsoft websites, and it used email attachments to spread malware onto users' systems. In particular, malware identified in the lawsuit as KimJongRAT and BabyShark was used to compromise victims' systems and steal sensitive information from them. According to court filings, the complaint was filed in a Virginia federal court because Thallium uses website domains registered in the state.